After generating a seed phrase, the list of 12 - 24 words generated in this book requires proper backups and security, as these words are the only way to recover access to a wallet. The structure of HD wallets and how it generates addresses deterministically using a single seed means that all your created addresses will be backed up using this one list of mnemonic words, which represents your seed or recovery phrase.

Keep your recovery phrase secure. If accessed by someone, specifically with malicious intent, they can move your funds. Keeping the seed safe and secure, while also remembering that it is mutual between them. There are several methods for storing Bitcoin private keys, each with its own benefits and disadvantages, in terms of security, privacy, convenience, and physical storage. Due to the importance of private keys, Bitcoin users tend to store and safely keep these keys in “self-custody” rather than using “custodial” services like banks. Depending on the user, they must use either a Cold storage solution or a Hot wallet.

Usually, bitcoin wallets are denominated in a Hot Wallet or a Cold Wallet. Most trade-offs lie in convenience, ease of use, and security risks. Each of these methods can also be seen in a custodian solution. However, trade-offs here are mostly security and privacy-based and go beyond the scope of this course.

Hot wallets are the most convenient way of interacting with Bitcoin through mobile, web, or desktop software. The wallet is always connected to the internet, enabling users to send or receive Bitcoin. This, however, is also its weakness; the wallet, as it is always online, is now more vulnerable to attacks by hackers or malware on your device. In BTCPay Server, hot wallets store the private keys on the instance. Anyone accessing your BTCPay Server store could potentially steal funds from this address if they are malicious. When BTCPay Server runs in a hosted environment, you should always consider this in your security profile and preferably not use a hot wallet in such a case. When BTCPay Server is installed on hardware owned and secured by you, the risk profile significantly lowers, but it never completely disappears.

Individuals move their private keys into a cold wallet because it can isolate them from the internet, thereby protecting their funds from potential online threats. Removing the internet connection from the equation reduces the risk of malware, spyware, and SIM swaps. Cold storage is believed to be superior to hot storage for security and autonomy, provided adequate precautions are taken to prevent losing the Bitcoin private keys. Cold storage is most suitable for large amounts of Bitcoin, which are not intended to be spent often due to the wallet setup’s complexity.

There are various methods of storing Bitcoin keys in cold storage, from paper wallets to brain wallets, hardware wallets, or, from the beginning, a wallet file. Most wallets use BIP 39 to generate the seed phrase. However, within the Bitcoin Core software, a consensus has yet to be reached on its use. Bitcoin Core software will still generate a Wallet.dat file, which you need to store in a secure offline location.

In this section, you learned: